apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,793 Commits 304 Branches 324 Tags
Commit Graph

117 Commits

Author SHA1 Message Date
Marcus Sorensen
ac59a4f136 Summary: Move Xen vmdata to new, non-ssh method 
Detail: KVM recently got a patch that did away with a few dozen ssh calls
when programming virtual router (CLOUDSTACK-3163), saving several seconds
for each vm served by the virtual router when the router is rebooted. This
patch updates Xen to use the same method, and cleans up the old script refs.

Reviewed-by: Sheng Yang, Prasanna Santhanam
 2013-07-30 21:45:36 -06:00
Anthony Xu
f1fb7c3efe in security group, CS put a rule in ebtables filter table FORWARD chain to prevent user from changing VM mac address 
util.pread2(['ebtables', '-A', vm_chain, '-i', vif, '-s', '!', vm_mac,  '-j', 'DROP'])

if user changes the VM mac address, all egress packet from the VM will be dropped, but the egress packet still contaminate the bridge cache with fake MAC,

This patch moves the rule to ebtables nat table PREROUTING chain, then the egress packet with modified MAC will not contaminate the bridge cache.

Anthony
 2013-07-30 17:04:21 -07:00
Bharat Kumar
9c24be4837 CLOUDSTACK-3871 XEN - Unable to deploy VM in guest network VLAN with different subnets 
Signed-off-by: Sheng Yang <sheng.yang@citrix.com>
 2013-07-28 23:43:44 -07:00
Bharat Kumar
e14f5d0aeb Cloudstack-3694 Dnsmasq rewrite in bash 
(Sheng: Fix typo, fix log and error message, remove 'set -x' in script)

Signed-off-by: Sheng Yang <sheng.yang@citrix.com>
 2013-07-24 14:00:31 -07:00
hongtu_zang
9d857c0362 fix xenserver 6.1 and 6.2 can not open vnc console 
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
 2013-07-12 16:35:17 +05:30
Anthony Xu
fdc9f10cc1 fix , Windows 2008 32bit instance can't get IP address, 
normally, in dhcp reply, the target ip is allocated ip for VM.
but windows 2008 32bit has special field in dhcp reply, which makes dhcp reply use 255.255.255.255 as target ip, which is blocked by SG rule,
 2013-05-29 16:01:22 -07:00
Harikrishna Patnala
ffe90c0059 CLOUDSTACK-2085: VM weight on xen remain same as before vmscaleup ;because "Add-To-VCPUs-Params-Live.sh" is not getting copied on xs host 
Fixed by updating the patch files that has
 entries to copy scipts on xenserver. Here we added
 Add-To-VCPUs-Params-Live.sh

Added a check on Host params whether host restricts Dynamic memory control(DMC) to able to allow scale up VM.
If DMC is not enabled then static max and min are set to SO.

Signed Off by - Nitin Mehta <nitin.mehta@citrix.com>
 2013-05-15 16:17:21 +05:30
Anthony Xu
1518e7ee43 CLOUDSTACK-2115: remove the trailing '\n' to get correct XS network mode 2013-05-14 17:52:10 -07:00
Bharat Kumar
052c24c4d1 CLOUDSTACK-702: Multiple ip ranges in different subnets. 
This feature enables adding of guest ip ranges (public ips)  form different subnets.

In order to provide the dhcp service to a different subnet we create an ipalias on the router. This allows the router to listen to the dhcp request from the guest vms and respond accordingly. Every time a vm is deployed in the new subnet we configure an ip alias on the router. Cloudstack uses dnsmasq to provide dhcp service. We need to configure the dnsmasq to issue ips on the new subnets. Added a new class dnsmasqconfigurator which generates the dnsmasq confg file, this file replaces the old config in the router.

The details of the alias ips are stored in db in the nic_ip_alias table. Every time a new subnet is added one of the ip from the subnet is used to configure the ip alias.

I have pushed the code to  https://github.com/bvbharatk/cloud-stack/tree/Cloudstack-702 , also rebased the code with master.
I need to test the code for advanced sg enabled network using kvm.

I have added the unit test
Marvin tests are at https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=53e4965

Also accomodated some of the changes suggested by koushik.
corrected the import statements. renamed the IpAlias command to createIpAlias command.

This feature supports only ipv4
 2013-05-13 17:06:44 +05:30
Nitin Mehta
3e4430d811 CLOUDSTACK-658 - Scaleup vm support for Xenserver 
Added the framweork so that it can be extended for vmware and kvm as well.
Added unitests and marvin tests.
 2013-03-28 16:43:37 +05:30
Jayapal Uradi
a49261c3b1 CLOUDSTACK-24: mipn feature for basiczone 
Signed-off-by: Abhinandan Prateek <aprateek@apache.org>
 2013-03-13 10:24:22 +05:30
Nitin Mehta
b12aebefee Revert "CLOUDSTACK-658 - Adding Scalevm command and XS related changes" 
This reverts commit e0019eccd997d9b2b3ff9395bcd99f821f5121db.
 2013-03-04 23:32:52 +05:30
Nitin Mehta
e0019eccd9 CLOUDSTACK-658 - Adding Scalevm command and XS related changes 2013-03-04 14:47:55 +05:30
anthony
db71d3da36 CLOUDSTACK-1167 
remove arptables rules after VM is stopped
 2013-02-05 15:07:29 -08:00
Anthony Xu
acaa22003d CLOUDSTACK-184: add createFileInDomr plugin 2012-09-24 16:11:04 -07:00
anthony
541fec8b46 Bug 13734 : after upgrade, dhcp traffic is allowed for all VMs 
reviewed-by: kelven
 2012-09-07 17:31:11 -07:00
Anthony Xu
b58123e075 CS-15921 : in 2.1 timeframe, -untagged string is appended to the end of instance name, 
in cleanup_rules function, we need to convert chain name to vm name correclty
 2012-09-07 17:25:41 -07:00
Anthony Xu
33fdcf1047 CS-16261: 
egress_vmchain doesn't exist in 2.2.*, create it automatically after upgrade
 2012-09-07 17:07:10 -07:00
anthony
2ea876dfd3 in basic zone, allow dhcp traffic by default 2012-08-15 13:11:58 -07:00
Alena Prokharchyk
634cd78baa Merge branch 'master' into vpc 
Conflicts:
	api/src/com/cloud/api/ApiConstants.java
	api/src/com/cloud/api/BaseCmd.java
	api/src/com/cloud/api/ResponseGenerator.java
	api/src/com/cloud/api/commands/ListNetworksCmd.java
	api/src/com/cloud/api/response/NetworkResponse.java
	api/src/com/cloud/event/EventTypes.java
	api/src/com/cloud/network/NetworkService.java
	client/tomcatconf/commands.properties.in
	scripts/network/domr/getDomRVersion.sh
	scripts/network/domr/ipassoc.sh
	scripts/network/domr/l2tp_vpn.sh
	scripts/network/domr/networkUsage.sh
	scripts/network/domr/router_proxy.sh
	server/src/com/cloud/api/ApiDBUtils.java
	server/src/com/cloud/api/ApiResponseHelper.java
	server/src/com/cloud/configuration/DefaultComponentLibrary.java
	server/src/com/cloud/network/NetworkManagerImpl.java
	server/src/com/cloud/network/dao/IPAddressDao.java
	server/src/com/cloud/network/dao/IPAddressDaoImpl.java
	setup/apidoc/gen_toc.py
	setup/db/create-schema.sql
	wscript
 2012-06-28 17:41:40 -07:00
David Nalley
d630fa8697 license header changes for scripts folder from Chip Childers 2012-06-23 00:58:00 -04:00
anthony
418cbe2e17 VPC : fixed get_domr_version 2012-06-15 14:33:43 -07:00
anthony
a4d0f91cfe VPC : use routerProxy to call l2tpVpn 
Conflicts:

	core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java
 2012-06-15 14:26:20 -07:00
anthony
c75fe80125 VPC : use routerProxy to call networkUsage.sh 
Conflicts:

	core/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
 2012-06-15 14:25:21 -07:00
anthony
251a91f5b3 VCP : use routerProxy to call checkrouter script 2012-06-15 14:24:18 -07:00
anthony
8c1700a3a4 VPC : introduce router_proxy.sh, resource should use this as a proxy to call scripts inside domr 
already did this for ipassoc and getDomRVersion
 2012-06-15 14:22:49 -07:00
anthony
8581d02ee8 CS-14946, check if it is linux bridge before call ovs 2012-05-23 19:06:35 -07:00
Salvatore Orlando
9f321ffeac Open vSwitch tunnel manager 
Applying patch with new ovs-tunnel-manager on top of cloudstack oss-master
 2012-04-23 22:32:16 +01:00
Edison Su
a6d4a76647 bug 14498: in xenserver 6.0 and openvswitch enabled, reboot xenserver will lost link local bridge; the workaround is if the link local bridge is lost, create a new one; status 14498: resolved fixed; Reviewed-by: frank 2012-03-26 17:15:03 -07:00
abhi
a560ec3001 removing the minor version number for comparisions for Xenserver 6.0 2012-03-13 11:23:27 +05:30
Chiradeep Vittal
7008e5a46b bug 13734: allow dhcp requests and responses all the time 2012-02-15 15:34:48 -08:00
Chiradeep Vittal
3a3d096a5c it appears xs 6.0 allows iptables rules across the bridge without csp 2012-02-13 15:53:45 -08:00
Chiradeep Vittal
08636d5802 bug 13060: check for resident vms as xapi will return vms running on other hosts in the cluster 2012-01-17 18:37:59 -08:00
Chiradeep Vittal
af667d26b7 bug 13033: security rule prevents console access 2012-01-12 15:35:25 -08:00
anthony
5d54a3aef8 bug 13052: check if ebtables exists in can_bridge_firewall 
status 13052: resolved fixed
 2012-01-12 11:34:31 -08:00
anthony
f964c4d227 bug 10363 : cleanup vhd in primary storage if download template to primary storage fails 
Conflicts:

	core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
	scripts/vm/hypervisor/xenserver/vmops
 2012-01-10 13:56:29 -08:00
Naredula Janardhana Reddy
6aa0560d37 bug 12917: security groups - icmp type/code validations. 2012-01-06 19:33:07 +05:30
Chiradeep Vittal
5aba3913bb bug 12854: arp requests can also be used to poison arp caches 2012-01-05 18:01:19 -08:00
Chiradeep Vittal
f138d15efb bug 12854: arp and ip antispoof independent of the order of vm start 2012-01-05 18:01:10 -08:00
Chiradeep Vittal
24894e2354 bug 11302: dont allow stuff like BPDUS, don't allow vms to connect to hypervisor 2011-12-29 17:35:24 -08:00
Chiradeep Vittal
4718f194ef bug 12772: typo 2011-12-29 16:01:41 -08:00
Chiradeep Vittal
a51ee064ee bug 11302: more efficient caching of keyword 2011-12-29 16:01:41 -08:00
Chiradeep Vittal
c05903b2d0 bug 11302: support new CSP for SP2. 
conditional check : --match-set vs --set
forgot to merge this in from 2.2.y
 2011-12-29 16:01:40 -08:00
frank
363aea4aee Bug 12731 - Ebtable rules are blocking all traffic going out of VMs in basic zone 
status 12731: resolved fixed

reviewed-by: edison
 2011-12-22 15:04:15 -08:00
anthony
61eab674d2 bug 12328: XenServer 6.0 changes vnc-port path in xenstore 
status 12328: resolved fixed
 2011-12-21 12:00:27 -08:00
Chiradeep Vittal
2278477737 add stronger security to defend against attacks originating in the vm 2011-12-19 10:56:52 -08:00
Chiradeep Vittal
5393a44c56 bug 12290: improve antispoofing lgic 
handle reboot within vm correctly
iptables -S missing in csp
 2011-12-19 10:56:52 -08:00
Naredula Janardhana Reddy
0c1e21ab80 bug 10617: vmops related changes. 2011-12-01 19:32:57 +05:30
Naredula Janardhana Reddy
09905b641b bug 10617: merge code from branch bug10617. 2011-12-01 14:17:52 +05:30
Naredula Janardhana Reddy
f1b99f4f07 Revert "bug 10617: merging code from branch bug10617" 
This reverts commit 8bc33448b9220534ba0ddc6c642ffb1e69d5844e.

Conflicts:

	server/src/com/cloud/api/ApiResponseHelper.java
 2011-11-11 20:23:26 +05:30